Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Ur8FLPafl7NLCGJMZdM86uXJeOE.roa
File:                     Ur8FLPafl7NLCGJMZdM86uXJeOE.roa (raw, json)
Hash identifier:          XYYsdiGwo/GgWz447XdpK9VNCxb25m7GWU+Jc4A5wfc=
Subject key identifier:   52:BF:05:2C:F6:9F:97:B3:4B:08:62:4C:65:D3:3C:EA:E5:C9:78:E1
Certificate issuer:       /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial:       019D0066935278D4096567417D3D398D2481
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Ur8FLPafl7NLCGJMZdM86uXJeOE.roa
Signing time:             Wed 18 Mar 2026 10:03:35 +0000
ROA not before:           Wed 18 Mar 2026 10:03:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206069
IP address blocks:        87.76.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:66:93:52:78:d4:09:65:67:41:7d:3d:39:8d:24:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
        Validity
            Not Before: Mar 18 10:03:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52bf052cf69f97b34b08624c65d33ceae5c978e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:60:dc:f4:0b:b9:fa:11:33:8f:14:1e:67:75:
                    90:c3:69:29:f7:24:5a:ec:d9:ae:cf:d2:73:3e:f8:
                    98:ef:5a:3c:46:e5:7a:f8:6c:49:66:79:6d:a5:84:
                    4d:d0:b9:25:31:aa:82:52:4a:28:e1:8b:a6:d9:6a:
                    03:98:93:34:ec:5e:e4:47:66:47:c4:94:25:25:d1:
                    8c:8f:a0:b0:62:93:d3:2c:36:42:1c:6a:9b:9e:18:
                    46:f8:ee:3f:14:cf:31:bd:d0:dc:87:f0:be:1e:e9:
                    35:de:f2:18:c3:67:09:4c:c9:6e:af:83:a3:01:93:
                    ac:ae:60:73:bc:49:89:b7:62:ee:ec:92:01:a1:55:
                    0b:a8:bf:ab:4e:5c:e7:70:2b:10:f0:ea:0a:54:dc:
                    e2:6e:f8:a9:25:ba:32:7b:66:7d:fd:be:55:fd:32:
                    51:c2:83:05:50:8d:54:ce:96:8c:0a:92:cd:71:53:
                    c8:1f:35:50:90:4e:26:cc:8d:b4:a6:24:1d:ea:76:
                    c6:66:ee:11:f1:da:1b:17:1a:63:f3:6e:f5:9e:1f:
                    ee:60:4a:35:eb:4a:8a:07:5b:b1:50:bd:cb:94:c7:
                    50:ef:2c:56:bd:8b:f4:26:31:bc:f2:7c:c3:5a:e2:
                    49:81:b5:e8:90:c9:60:ac:65:81:96:ae:f5:3b:62:
                    f7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:BF:05:2C:F6:9F:97:B3:4B:08:62:4C:65:D3:3C:EA:E5:C9:78:E1
            X509v3 Authority Key Identifier:
                keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Ur8FLPafl7NLCGJMZdM86uXJeOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:59:97:8b:af:89:b6:72:07:66:46:79:6c:e3:84:fe:29:fb:
         6f:de:77:02:c1:9d:13:87:2f:7b:79:c5:35:7f:47:b3:d6:ff:
         68:e7:b8:f9:aa:2c:38:5f:09:33:79:a0:1e:b4:2a:81:80:68:
         2e:e7:75:e3:d7:16:49:4b:e6:b1:54:3f:c7:47:d8:62:b0:82:
         73:11:f2:4a:33:ab:b5:dc:33:5a:2c:88:3e:88:3f:39:90:71:
         40:e0:42:c7:fe:3c:44:d0:b4:a8:91:e1:32:c0:c8:32:59:5b:
         71:4f:78:8c:82:eb:ba:47:17:a6:6d:fb:21:af:26:66:71:b5:
         35:67:50:96:0a:cf:c4:15:a3:f0:2b:66:e1:e0:02:0e:25:24:
         1a:0b:80:e1:9d:30:3f:f4:a6:e2:e8:bf:8f:0d:fa:4b:c9:96:
         84:93:3b:e2:c5:76:5c:38:ca:8d:ab:76:22:93:4b:44:4d:35:
         0c:ca:59:c3:62:87:d9:ee:ec:b2:5a:13:eb:59:34:a2:a7:29:
         86:80:8c:53:0f:62:f5:70:7e:07:a3:2d:6b:bf:77:dd:f6:59:
         78:c6:32:48:f0:d4:52:4c:19:b2:b9:dc:c8:b1:63:72:1c:1f:
         d3:38:74:16:47:54:e8:1b:95:40:68:6e:4f:a6:22:ac:f8:17:
         e9:6b:dd:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AZpNSeNQJZWdBfT05jSSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMzE4MTAwMzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmJmMDUyY2Y2OWY5N2IzNGIwODYyNGM2NWQzM2NlYWU1Yzk3OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mDc9Au5+hEzjxQeZ3WQw2kp9yRa
7Nmuz9JzPviY71o8RuV6+GxJZnltpYRN0LklMaqCUkoo4Yum2WoDmJM07F7kR2ZH
xJQlJdGMj6CwYpPTLDZCHGqbnhhG+O4/FM8xvdDch/C+Huk13vIYw2cJTMlur4Oj
AZOsrmBzvEmJt2Lu7JIBoVULqL+rTlzncCsQ8OoKVNzibvipJboye2Z9/b5V/TJR
woMFUI1UzpaMCpLNcVPIHzVQkE4mzI20piQd6nbGZu4R8dobFxpj8271nh/uYEo1
60qKB1uxUL3LlMdQ7yxWvYv0JjG88nzDWuJJgbXokMlgrGWBlq71O2L3sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFK/BSz2n5ezSwhiTGXTPOrlyXjhMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvVXI4RkxQYWZsN05MQ0dKTVpkTTg2dVhKZU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV0zGMA0G
CSqGSIb3DQEBCwUAA4IBAQA7WZeLr4m2cgdmRnls44T+Kftv3ncCwZ0Thy97ecU1
f0ez1v9o57j5qiw4XwkzeaAetCqBgGgu53Xj1xZJS+axVD/HR9hisIJzEfJKM6u1
3DNaLIg+iD85kHFA4ELH/jxE0LSokeEywMgyWVtxT3iMguu6RxembfshryZmcbU1
Z1CWCs/EFaPwK2bh4AIOJSQaC4DhnTA/9Kbi6L+PDfpLyZaEkzvixXZcOMqNq3Yi
k0tETTUMylnDYofZ7uyyWhPrWTSipymGgIxTD2L1cH4Hoy1rv3fd9ll4xjJI8NRS
TBmyudzIsWNyHB/TOHQWR1ToG5VAaG5PpiKs+Bfpa93E
-----END CERTIFICATE-----